<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 06/19/2013 09:05 AM, Aly Khimji wrote:
<blockquote
cite="mid:CAJMZt_ZjEhCSd9GyyZ4iJe15JWFLxvhBBGM8_ruw9p0t26tCrA@mail.gmail.com"
type="cite">
<div dir="ltr">We have managed to establish a FreeIPA / Windows
2003R2.
<div>However domain and forest functional level has to be set to
max on that platform which i believe is 2003 anyways. </div>
<div style="">I know when I was first attempting the trusts, on
a new 2003r2 DC and the forest functional level was set to
2000, the trust wouldn't establish and with IPA and the
process would die.</div>
<div><br>
</div>
<div style="">Everything "seems" to be working so far, so I
would also like to know as well if 2008 is a requirement 100%?</div>
</div>
</blockquote>
<br>
<br>
We have not tested this extensively. As Alexander mentioned there
might be issues. If you manage to set it up - great. If there are
some glitches they might be related to 2003 vs 2008 but we can't say
for sure without more investigation.<br>
If your testing reveals some reproducible issues we definitely want
to know about them. Whether we would be able to fix them is yet
another story.<br>
<br>
<blockquote
cite="mid:CAJMZt_ZjEhCSd9GyyZ4iJe15JWFLxvhBBGM8_ruw9p0t26tCrA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style=""><br>
</div>
<div style="">Thanks</div>
<div style=""><br>
</div>
<div style="">
Aly</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Jun 19, 2013 at 8:50 AM, Brian
Lee <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:brian_lee1@jabil.com" target="_blank">brian_lee1@jabil.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:arial,sans-serif;font-size:13px">Has
anyone successfully set up trusts between 2003 R2 and
FreeIPA? I noticed the documentation mentions 2008 R2 as
a prerequisite. Unfortunately our organization has not
completed the migration to 2008 R2 yet. I know, we're a
little behind the curve on that, but fortunately Windows
servers aren't my responsibility ;-)</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">If
the Kerberos realms are separate between Active
Directory and FreeIPA, why does the domain controller
need to be Windows 2008 R2 for an external trust? From
what I understand, there is no difference in an external
trust in Windows NT4, Active Directory 2003, 2008 R2 or
Windows 2012.</div>
<div style="font-family:arial,sans-serif;font-size:13px"> </div>
<div style="font-family:arial,sans-serif;font-size:13px">Thanks
in advance for any input or experiences with this
configuration!</div>
</div>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>